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DETAILED ACTION 



Response to Amendment 

1 . This action is in response to the amendment filed on Feb. 23, 2004. 

2. Claims 1 , 7 and 17 are amended and claim 6 is canceled. Claims 1-5 and 7-17 
are pending on this application. Claim 1 is independent claim. 



Response to Arguments 

3. Applicant's arguments have been fully considered but they are not persuasive 
in overcoming the rejections based on the prior art of Eldridge et al. 

4. The text of Title 35, U.S. Code not included in this action can be found in a 
prior Office action. 

REMARKS 

5. In response to applicant's arguments about Authorization Record: 

On page 3 of the applicant's Specification, an authorization record is comprised 
of the following items: (a) Identifier for Terminal, (b) Identifier for Printer, and (c) a 
public signature key. The reference (Eldridge U.S. Patent No. 6,515,988) designates a 
token, which is equal to the applicant's stated 'authorization record' since 'a token' also 
includes these same items: 

(a) Identifier for Terminal (see col. 6, lines 48-51): A Service Host Identifier is 
specified which indicates where the document or service is available from a host 
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machine on the network. This identifier uniquely identifies the network node 
(host). 

(b) Identifier for Printer (Printer ID) is designated using two separate 
components, the Service Identifier and Service Parameters. The Service 
Identifier (see col. 7, lines 17-20) specifies the device name (printer, scanner) 
and the Service Parameters (see col. 7, lines 44-47; see col. 7, lines 49-54) 
specifies context and location parameters such as the type of document device 
and its specific location. This set of parameters (Service Host Identifier, Service 
Identifier and Service Parameters) contains the information required to uniquely 
identify a printer located anywhere within the network. 

(c) The public Signature key (see col. 3, lines 16-19): A token contains security 
information plus a public signature key, which is used to verify digital signatures. 
Token processing can proceed after this verification step has completed. 

A server system (first server) with the reference's token software has sufficient 
authorization record information to verify a document's identity and analyze a 
document's security parameters including the printer ID. Secure document servers 
(see col. 3, lines 11-16) create and maintain authorization record information, which is 
verified before processing any document. The identical information contained in an 
authorization record is contained in a token. Therefore, the rejection of claims 1-17 is 
proper and maintained herein. 



Claim Rejections - 35 USC § 102 
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6. Claims 1-5 and 7-17 are rejected under 35 U.S.C. 102(e) as anticipated by 
Eldridge et al. (U.S. Patent No. 6,515,988: Filed Jul. 17, 1998). 
Regarding Claim 1 (Currently amended), Eldridge discloses in a network connected to 
a printer, a first server and a network terminal, a network terminal authorization protocol 
for authorizing the printing of a document at the printer at the request of the network 
terminal, (see col. 2, lines 18-31 : "... The token specifies the particular operation that 
is to be performed, e.g. getting the document or performing a service (printing, . . . 
Address of document or document service. The token contains the information 
necessary to find the document or service. ...A WWW Uniform Resource Locator 
(URL) is an example of a document address, ...") including the steps of: 

a) creating, at the first server, an authorization record authorizing the network 
terminal to print at the printer (see col. 7, lines 1-16), and storing in the 
authorization record, a printer identifier identifying the printer : (see col. 6, lines 48- 
52: " Upon request of a user at a first machine, a document stored on a second 
machine may be retrieved and sent from the second machine over the internet, . . . 
to the first machine. Also, the document may be retrieved using . . . its World 
Wide Web URL, . . .. Preferably also connected to the network are any number of 
processor-controlled printers, ... capable of ... , printing, ....") 

b) requesting, at the network terminal and via a printing request, printing of the 
document at the printer; (see col. 8, lines 62-66) 
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c) verifying, using the authorization record, that the network terminal is authorized to 
print at the printer (see col. 9, lines 18-22), and verifying that the authorization 
record contains the same printer identifier as the request : (see col. 6, lines 5-10; 
and col. 6, lines 48-49: "Authorization-The general token 30 includes ... the two 
main security components. It provides the means by which the system can verify 
that the token is genuine and has not been tampered with. The first security 
component is an Authorizer Identifier 342- . . . indicates the person that created 
the token 30. ... The Authorization identifier 342 may be ... as complex as a full 
X.509 identity certificate (see ITU-T Recommendation X.509-CCITT document 
The Directory-Authentication Framework 3 ). The second security component is an 
Authorizer Digital Signature 344, ... a hash of the string using any suitable well- 
known secure hash function (e.g. MD5, SHA; see Applied Cryptography by Bruce 
Schneier, 1996, John Wiley and Sons), and (c) encrypt the hash with the user's 
private key, ... . ") 

d) in the event that the verification succeeds, sending the document to the printer for 
printing, (see col. 9, line 35; and col. 5, line 65 - col. 6, line 10: "A token contains 
... essential information which allows the system (token-capable server software 
resident on public networks and private networks) to initiate actions which produce 
the desired result. For example, printing out a document only needs a simple 
interaction: The document's token is selected .... When the latter token is received 
by the server software ... , the servers acts on the receipt of the token and causes 
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the document to be retrieved, processed, and printed. " Tokens are used as 
security and authentication devices and control the locating and access (host 
location), transfer (if necessary) and processing (printing) of documents.,) 

Regarding Claim 2 (Original), Eldridge discloses a protocol according to claim 1 , 
where, in the requesting step, the printing request is sent to the first server, and the 
verifying and sending steps are performed at the first server, (see col. 5, line 65 - col. 6, 
line 10: A network can contain multiple server (first server, second server,..., ) with 
token server software installed. The token server software system controls the 
accessing and processing of documents based on information contained within the 
token and server system.) 

Regarding Claim 3 (Original), Eldridge discloses a protocol according to claim 1, 
where, in the requesting step, the printing request is sent to a second server and the 
sending step is performed at the second server; the verifying step including the sub- 
steps of: see col. 9, lines 13-21) 

a) requesting, at the second server and via a verification request sent to the first 
server, verification; (see col. 9, lines 29-37) 

b) verifying, at the first server and in response to the verification request, that the 
network terminal is authorized to print at the printer, (see col. 9, lines 53-60: A 
"second" token software enabled server must receive a token to receive, verify and 
process a document (retrieve and/or print) from a first server that received a token 
to process a document. ) 



Application/Control Number: 09/575,150 Page 7 

Art Unit: 2132 



Regarding Claim 4 (Original), Eldridge discloses a protocol according to claim 1 or 
claim 3, including the further steps of: 

a) allocating, at the network terminal, a public/private signature key pair; (see col. 2, 
lines 47-56) 

b) storing, at the network terminal, the private signature key; (see col. 7, lines 13-15) 

c) storing, at the first server and as part of the authorization record, the public 
signature key. (see col. 2, lines 64-67: " The security information includes a digital 
signature of the information in the token. The digital signature is a digest of 
information in the token and its encryption with the document owner's private key. 
This follows well known prior cryptographic art relating to public/private key 
cryptography (see U.S. Pat No. 4,405,829). " PKI technology is used in the 
implementation of security and authentication for access at a network terminal. ) 

Regarding Claim 5 (Original), Eldridge discloses a protocol according to claim 4, where 
the requesting step includes the substep of generating a digital signature using the 
private key (see col. 2, lines 47-50) and attaching it to the request (see col. 7, lines 43- 
54), and the verification step includes the sub-step of verifying the digital signature 
attached to the request using the public key. (see col. 3, lines 11-19:: " Tokens which 
include security information are presented to "secure documents servers". A secure 
server contains a "gatekeeper" which verifies signatures on tokens and examines the 
specified conditions ... (e.g. encrypting the document with the appropriate key). The 
public key for verifying the signature is obtained through a parameter in the security 
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information which identifies the owner of the document ... . " Digital signature 
technology is used in the implementation of security for access file server (document 
retrieval and transmittal) and/or print server (document formatting and printing) system. 

) 

Claim 6 (Cancelled) 

Regarding Claim 7 (Currently amended), Eldridge discloses a protocol according to 
claim 1, where the creating step includes the sub-steps of: 

a) allocating a terminal identifier for the network terminal; (see col. 6, lines 48-62: 

" The general token 30 includes a Service Host Identifier 32 which identifies a 
host machine on a network. . .. " The network address (equivalent to terminal 
identifier) indicates the network location for the host system executing the web 
browser software and acting as a network terminal.) 

b) storing the terminal identifier in the authorization record; (see col. 7, lines 1-16) 

c) storing, at the network terminal, the terminal identifier, (see col. 1, lines 29-42; and 
col. 6, lines 48-49: " The general token 30 includes a Service Host Identifier 32 
which identifies a host machine on a networi<. " The network address (equivalent 
to terminal identifier) indicates the network location for the host system executing 
the web browser software and acting as a network terminal. ) 

Regarding Claim 8 (Original), Eldridge discloses a protocol according to claim 7, where 
the authorization record is retrievable by the printer identifier and terminal identifier 
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stored therein, (see col. 7, lines 44-54: The token contains an identifier indicating host 
system with attached item (document or printer). ) 

Regarding Claim 9 (Original), Eldridge discloses a protocol according to claim 8, 
including the further steps of: 

a) submitting, at the printer and to the first server, an authorization identifier request 
requesting the allocation of an authorization identifier; (see col. 5, lines 65 - col. 6, 
line 1 : Authorization information exists at the server system to process the 
requested documents.) 

b) allocating, at the first server, the authorization identifier; storing, at the first server, 
the authorization identifier; (see col. 5, lines 65 - col. 6, line 1: Authorization 
information exists at the server system to process documents.) 

c) printing, at the printer, the authorization identifier and the printer identifier; (see col. 
10, lines 3-6: Additional information can be printed with the document.) 

d) submitting, at the network terminal, and to the first server, an authorization request 
containing the authorization identifier and the printer identifier; (see col. 9, lines 18- 
22: "At workstation 50, upon receiving the token, the first step (s1 1) is to decode 
the token: this involves checking the Authorization and is described in more 
detail below in connection with FIG. 6. " An authorization request contains 
identifiers for authorization and the printer. ) 

e) validating, at the first server, the authorization request; in the event that the 
validation succeeds, performing the creating step, (see col. 9, lines 53-60: "If the 
test is failed, an "Authorization verification failure" message is returned (step s126), 
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1. e. output to the user in a conventional manner. If success is obtained ... , the 
action (service)--here printing a document-is invoked by workstation 50, ....") 

Regarding Claim 10 (Original), Eldridge discloses a protocol according to claim 9, 
where the creating step includes the sub-step of: 

a) recording, at the first server, that the authorization identifier has been used; (see 
col. 7, lines 1-16) 

b) the validating step includes the sub-step of rejecting, if the authorization identifier 
is recorded as having been used, the authorization request, (see col. 2, lines 57- 
60) 

Regarding Claim 11 (Original), Eldridge discloses a protocol according to claim 9, 
where the step of storing the authorization identifier includes the sub-step of: 

a) storing expiry information relating to the authorization identifier; (see col. 2, lines 
58-60; col. 7, line 65 - col. 8, line 3) 

b) the validating step includes the sub-step of rejecting the authorization request if the 
expiry information indicates that the authorization request id has expired, (see col. 

2, lines 57-60: " The security information can also include specified conditions 
that will restrict access to a document For example, it may include (1) an expiry 
date beyond which access to the document is no longer granted, .... " 
Expiration (time period) information is stored as an access parameter for a 
particular document. If the time period has expired, then access to the document 
is rejected during the authentication process. ) 
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Regarding Claim 12 (Original), Eldridge discloses a protocol according to claim 2 or 
claim 3, where the requesting step includes the sub-step of including, in the printing 
request, the document, (see col. 9, lines 35-37: " The document data are then sent over 
the network . . . , to the workstation 50 which originally received the Print Service token. " 
Document data is transmitted over network to server system printing document. ) 

Regarding Claim 13 (Original), Eldridge discloses a protocol according to claim 2 or 
claim 3, where the requesting step includes the sub-step of including, in the printing 
request, a document identifier of the document, (see col. 8, lines 14-26: Document ID is 
included in the printing request transmitted to server system. ) 

Regarding Claim 14 (Original), Eldridge discloses a protocol according to claim 13, 
where the sending step includes the sub-step of retrieving the document using the 
document identifier, (see col. 9, lines 32-34: " Using the Document Identifier 46, the 
document data (electronic file) are retrieved by the file server 52. " Based on the 
document ID the actual document can be retrieved from a file server system and 
transmitted to a print server system. ) 

Regarding Claim 15 (Original), Eldridge discloses a protocol according to claim 14, 
where the sending step includes the sub-step of formatting the document for printing, 
(see col. 10, lines 7-18; and col. 9, lines 37-40: " For example, printer 54 associated 
with transceiver 22 may be capable of printing only in PostScript. RTM. format; and step 
s10 therefore included adding parameters to the token designating that the data file sent 
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ultimately to the printer must be converted to PostScriptRTM. format Following 
conversion ... , the (converted) document data are sent (step s19) to the printer 54. 
Upon receiving the document data, the document is printed ... . " The document can 
require formatting before actual printing at print server system.) 

Regarding Claim 16 (Original), Eldridge discloses a protocol according to claim 13, 
where the sending step consists of sending the document identifier to the printer, (see 
col. 9, lines 29-34: "The document data are then sent over the network ... f to the 
workstation 50 which originally received the Print Service token. " Information 
indicating a specific document (indicated by ID) is sent to the print server system for 
document printing. ) 

Regarding Claim 17 (Currently amended), Eldridge discloses a protocol according to 
claim 1 , where the network terminal is a Web browser running on a computer system, 
(see col. 4, lines 67 - col. 5, line 3; col. 5, lines 5-10: " The invention has been 
implemented using conventional web browser software (e.g. Netscape) providing cross- 
platform communication and document transfer over the internet However, it will be 
appreciated that the invention may be implemented using different system 
configurations: see EP'619. It ... may be a PC running Windows. ... , or a 
minicomputer running UNIX, ... , or any suitable processor-controlled network 
computer. " A 'network terminal' is designated as a PC system or UNIX system 
executing a web browser software program, (e.g. Netscape or Internet Explorer) The 
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network terminal system with token server software installed and an attached printer 
can print document transmitted from other systems in the network. ) 



Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 



Contact Information 
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8. 



Any inquiry concerning this communication or earlier communications from the 



examiner should be directed to Kyung H Shin whose telephone number is 703-305- 
071 1 . The examiner can normally be reached on 6:30 am - 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 703-305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



KHS 



Kyung H Shin 
Patent Examiner 
Art Unit 2132 



KHS 

April 25, 2004 




GILBERTO BARRON ' 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



